Add a FAQ

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-08-15 14:38:55 +00:00
parent 6f59b28ecd
commit 6842ce6432
2 changed files with 58 additions and 11 deletions

View File

@ -103,7 +103,7 @@
</section> </section>
</section> </section>
<section> <section id="PortForwarding">
<title>Port Forwarding (Port Redirection)</title> <title>Port Forwarding (Port Redirection)</title>
<section id="faq1"> <section id="faq1">
@ -605,6 +605,54 @@ to debug/develop the newnat interface.</programlisting></para>
<section> <section>
<title>Open Ports</title> <title>Open Ports</title>
<section id="faq0">
<title>(FAQ 0) How do I Open Ports in Shorewall?</title>
<para><emphasis role="bold">Answer:</emphasis> No one who has installed
Shorewall using one of the <ulink
url="shorewall_quickstart_guide.htm">Quick Start Guides</ulink> should
have to ask this question.</para>
<para>Regardless of which guide you used, all outbound communcation is
open by default. So you do not need to 'open ports' for output.</para>
<para>For input:</para>
<itemizedlist>
<listitem>
<para>If you installed using the Standalone Guide, then please
<ulink url="standalone.htm#id2499092">re-read this
section</ulink>.</para>
</listitem>
<listitem>
<para>If you installed using the Two-interface Guide, then please
re-read these sections: <ulink
url="two-interface.htm#id2499962">Port Forwarding (DNAT)</ulink>,
and <ulink url="two-interface.htm#id2500428">Other
Connections</ulink></para>
</listitem>
<listitem>
<para>If you installed using the Three-interface Guide, then please
re-read these sections: <ulink
url="three-interface.htm#id2499698">Port Forwarding (DNAT)</ulink>
and <ulink url="three-interface.htm#id2500224">Other
Connections</ulink></para>
</listitem>
<listitem>
<para>If you installed using the <ulink
url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> then
you had better read the guide again -- you clearly missed a
lot.</para>
</listitem>
</itemizedlist>
<para>Also please see the <link linkend="PortForwarding">Port Forwarding
section of this FAQ</link>.</para>
</section>
<section id="faq4"> <section id="faq4">
<title>(FAQ 4) I just used an online port scanner to check my firewall <title>(FAQ 4) I just used an online port scanner to check my firewall
and it shows some ports as <quote>closed</quote> rather than and it shows some ports as <quote>closed</quote> rather than

View File

@ -195,14 +195,15 @@
<para><filename>/etc/modprobe.conf.local</filename></para> <para><filename>/etc/modprobe.conf.local</filename></para>
<para>See <ulink <para><filename class="devicefile">eth1</filename> (PCI 00:09.0) and
url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink> <filename class="devicefile">eth2</filename> (PCI 00:0a.0) are
The SuSE 10.1 Xen kernel compiles pciback as a module. <filename delegated to the firewall DomU where they become <filename
class="devicefile">eth1</filename> (PCI 00:09.0) and <filename
class="devicefile">eth2</filename> (PCI 00:0a.0) are delegated to the
firewall DomU where they become <filename
class="devicefile">eth3</filename> and <filename class="devicefile">eth3</filename> and <filename
class="devicefile">eth4</filename> respectively.</para> class="devicefile">eth4</filename> respectively. The SuSE 10.1 Xen
kernel compiles pciback as a module so the instructions for PCI
delegation in the Xen Users Manual can't be followed directly (see
<ulink
url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>).</para>
<programlisting>options pciback hide=(00:09.0)(00:0a.0) <programlisting>options pciback hide=(00:09.0)(00:0a.0)
install tulip /sbin/modprobe pciback ; /sbin/modprobe --first-time --ignore-install tulip install tulip /sbin/modprobe pciback ; /sbin/modprobe --first-time --ignore-install tulip
@ -217,7 +218,7 @@ options netloop nloopbacks=1</programlisting>
name = "firewall" name = "firewall"
# usable ram: # usable ram:
memory = 256 memory = 384
# kernel and initrd: # kernel and initrd:
kernel = "/xen2/vmlinuz-xen" kernel = "/xen2/vmlinuz-xen"
@ -231,8 +232,6 @@ extra = "3"
# network interface: # network interface:
vif = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ] vif = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ]
dhcp = 'dhcp'
hostname = name
# Interfaces deletgated from Dom0 # Interfaces deletgated from Dom0
pci=[ '00:09.0' , '00:0a.0' ] pci=[ '00:09.0' , '00:0a.0' ]